EWC Portal redirection in conjunction with Availability Group

M_Nees
Contributor III
This is my environment:
2x V2110 EWCs - both configured as Availability Group.
Bridged at EWC Topology for Guest SSID - EWC1 = 192.168.44.5 and EWC2 = 192.168.44.6.

To avoid an SSL certificate error when the non-auth guest is redirected to the portal page (which resides on the EWC), we use a public certificate.
This is a wildcard certificate for the customer's domain - let's say *.example.com

So I have to redirect NOT to the IP (which is the default); I have to redirect to the FQDN portal.example.com

Works fine if the DNS entry answers with the IP of EWC1 = 192.168.44.5.

But what about EWC redundancy and the 2 different IPs in this EWC topology?

What happens if EWC1 fails and EWC2, which has IP 192.168.44.6, runs the portal - DNS answers 192.168.44.5 - so the portal fails!

What is the solution?

The first idea was to configure portal1.example.com on EWC1 and portal2.example.com on EWC2, but the above screen is configured at the WLAN Service level - so this will be replicated at once to the other EWC - only one common value is configurable.

The second idea is to make two DNS entries: portal.example.com = 192.168.44.5, portal.example.com = 192.168.44.6.
But how does this work if both EWCs are working? I fear this was not considered by design and will not work correctly.

But what is the best solution?

4 REPLIES

StephanH
Valued Contributor III
Hello Matthias,

If you add two A-Records for one IP, normally a DNS server will answer alternately with both IP addresses (sometimes used for simple load balancing), only one at a time. In a normal system state this should work.

But in case one controller is down, a guest can receive the IP of the down controller, and the access won't work if the client does not make a second DNS request.

Regards
Stephan


StephanH
Valued Contributor III
Hello Ron,

Very good idea.

Regards
Stephan


M_Nees
Contributor III
Great idea!

That's the way I will do it!

Ronald_Dvorak
Honored Contributor
Turn off sync of the WLAN service, then you are able to configure different values... The downside is that you'd need to do future changes for this WLAN service on both EWCs, which isn't a big deal from my experience as you don't make changes that often after the installation.